Data Breach – Having a Plan

In a perfect world, where human error and malicious intent did not exist, we would not need to be prepared for a data breach. However, the fact is that most business will have some sort of “data-loss” incident that will warrant the use of data breach protocols. Remember – in today’s electronic world a lost USB drive, misplaced cell phone or a stolen laptop can account for a significant data breach. It makes good business sense to have a data breach plan in place for when this occurs. Here are a few items to include in your plan.

What data is out there, who has access to it, and how do they access it?

What are the regulatory requirements that govern this information (include federal, state and industry specific)? Who is the person in the company that is notified if a breach occurs?

When is that person contacted? What warrants a breach?

Start looking at your Data Protection Plan – where are you vulnerable? How are your back-up tapes, drives or online backups secured? Do you require passwords and/or encryption on mobile devices?